Privacy Policy
StyleKorean.com (hereinafter referred to as the “Company” or “StyleKorean”) values the
protection of users’ personal information and complies with applicable laws and regulations,
including the Personal Information Protection Act, the Act on Promotion of Information and
Communications Network Utilization and Information Protection, and the General Data Protection
Regulation (GDPR).
The Company implements technical and administrative safeguards to prevent loss, theft, leakage,
alteration, or damage of users’ personal information and strives to manage such information
securely.
This Privacy Policy explains the types of personal information collected by the Company, the
purposes of use and processing, the retention and use period, and users’ rights and how to
exercise them.
Article 1. Purpose of Processing Personal Information
1. The Company collects only the minimum personal information necessary to provide its
services. If additional personal information is required to offer personalized services based on
users’ preferences and interests, the Company will obtain prior consent.
2. Members may refuse consent for optional items without restriction on basic service use;
however, some features may be limited. Non-members may refuse consent to the collection
and use of personal information, but this may restrict product purchases and service use.
3. The Company does not collect sensitive personal information, including race or ethnicity,
religion or philosophical beliefs, country of origin, political opinions, criminal records, health
or medical information, or sexual orientation. However, in the course of providing global
services, if information classified as “Sensitive Personal Information” under the definitions of
local laws (e.g., CPRA) is processed, the Company complies with the protective measures
required by such laws. Specific details regarding such processing are clearly provided in the
country-specific notices (e.g., Article 8) of this Privacy Policy.
| Classification |
Purpose of Use |
Details of Information Collected |
| Mandatory |
Member Management
|
- Verification of intent to register and confirmation of consent
- User identification and account authentication
- Maintenance and management of membership status
- Prevention of fraudulent use and unauthorized access
- Provision of notices, announcements, and customer communications
- Handling of customer inquiries and complaints
|
|
Contract Performance and Service Operation
|
- Processing of product orders, payments, deliveries, returns and refunds
- Performance of contracts for purchase agreements and service provision
- Customer support related to transactions and services
- Processing of payment information related to the purchase of goods or services
- Entrustment of personal information processing in connection with service use and
information processing
|
| Optional |
Marketing and Personalized Services |
- Provision of personalized services, convenience, and benefits based on user preferences
and characteristics
- Delivery of event, promotion, and marketing information (with prior consent)
- Analysis of service usage and marketing trends at an individual or group level
- Improvement of products, services, and user experience
|
| Other |
Event Participation and Promotion Management |
- Provision of information related to events and promotions
- Support for event participation through the website, email, social media, and other
channels
|
| Service Usage Data and Operational Analysis |
- Analysis of user interests and service usage patterns
- Service improvement through statistical analysis and internal research
- Prevention of fraudulent transactions and abnormal usage
- Retention of records for dispute resolution and compliance with legal obligations
|
Article 2 (Categories of Personal Information Processed)
The Company collects and processes the following personal information for the provision of its services.
(1) Categories of personal information processed without the consent of the data subject
(2) Categories of personal information processed with the consent of the data subject
Personal information processed in accordance with Article 15(1)1 and Article 22(1)7 of the Personal
Information Protection Act
| Classification |
Method of Collection |
Items Collected and Processed |
| Mandatory |
At the Time of Membership Registration
|
- Mandatory items: Name, date of birth, ID, password, email, address, phone number (mobile
and home), address
- Optional items: Nickname, profile image
|
|
During Product Order, Payment, Delivery, and Refund (Members)
|
- Delivery information: Name, contact number, address, email address
- Payment information: Payment method details
- Transaction information: Order and refund history
|
|
During Product Order, Payment, Delivery, and Refund (Non-Members)
|
Delivery information: Name, contact number, address, email address
Payment information: Payment method details
Transaction information: Order and refund history
|
| When Submitting Customer Inquiries or Complaints |
Personal information necessary to process inquiries
Details of customer inquiries and consultation records
|
| Optional |
With Consent for Service Improvement and Usage Analysis |
Name, date of birth, ID, email address, phone number, address
Payment methods, order and refund history
Customer inquiry records
Curation information based on service usage records and purchase
history
Personalized information voluntarily provided by the user or
generated during service use, such as skin type, skin concerns, and
preferred categories
|
| Other |
Automatically Collected During Service Use |
Access logs, IP address, cookies, browser type, and device information |
2. Legal Basis for Processing Personal Information
The Company processes personal information based on the following legal grounds:
- The data subject’s explicit consent
- Necessity for the performance of a contract and the provision of services
- Compliance with legal obligations under applicable laws and regulations
- The Company’s legitimate interests, including the prevention of fraudulent use, enhancement of
security, ensuring service stability, and improvement of services
Article 3 (Personal Information of Children)
- The Company does not process personal information of children under the age of 14 (or
under the age of 16 for residents of the EEA and California, USA, or under the minimum
age prescribed by the laws of the country of residence).
Article 4 (Entrustment of Personal Information Processing)
- For the smooth processing of personal information-related work, the Company entrusts
the processing of personal information to third parties as follows.
| Service Provider(Data Processor) |
Country of Location |
Scope of Entrusted Services |
Privacy Policy / Sub-processors |
| PayPal |
United States |
- Provision of international payment processing services
- Processing of payment approvals, cancellations, and refunds
- Processing of transaction information for the application of PayPal's Seller
Protection
Policy
|
https://developer.paypal.com/braintree/in-person/reference/paypal-braintree-sub-processors/
|
| Eximbay |
Republic of Korea |
- Processing of international card payments and global payment methods
- Payment approval, cancellation, refund, and settlement processing
- Fraud prevention and payment security management
|
https://www.eximbay.com/privacy.do |
| Klarna |
Sweden |
- Provision of Buy Now, Pay Later (BNPL) services
- Management of payment approvals and payment records
|
https://creator.klarna.com/terms/publisher-terms?utm_source=chatgpt.com
|
| VTPAY |
Republic of Korea |
- Processing of simple payment services and payment approvals
- Management of payment records and settlement support
|
https://apps.apple.com/us/app/vtpay-by-3sm/id6755428590 |
| Alipay+ |
Overseas |
- Processing of simple payments for users in China and global users
- Processing of payment approvals, cancellations, and refunds
|
https://legal.alipayplus.com/alipayplus/legal/docs/privacy |
| Apple Pay |
Overseas |
- Processing and authentication services for Apple Pay payments
|
https://www.apple.com/legal/privacy/en-ww/ |
AMEX
(American Express) |
United States |
- Processing of AMEX card payment approvals and settlements
|
https://www.americanexpress.com/us/company/privacy-center/online-privacy-disclosures/#collect-data
|
| DHL |
Overseas |
- Provision of international express delivery services
|
https://www.dhl.com/us-en/home/footer/privacy-notice.html |
| FedEx |
Overseas |
- Overseas shipping and customs clearance coordination for ordered products
|
https://www.fedex.com/en-us/trust-center/global-privacy-policy.html
|
| UPS |
Overseas |
- Overseas shipping and customs clearance coordination for ordered products
|
https://www.ups.com/kr/en/support/shipping-support/legal-terms-conditions/privacy-notice
|
| Aramex |
Overseas |
- Overseas shipping and customs clearance coordination for ordered products
|
https://www.aramex.com/kr/en/legal-details/privacy-policy |
| Delivered Korea |
Republic of Korea |
- Tracking of international shipments for ordered products
|
https://www.delivered.co.kr/ko/privacy-policy |
| EFS |
Overseas |
- Tracking of international shipments for ordered products
|
https://efs.asia/script/users/about.php |
| Amazon Web Services (AWS) |
United States |
- Provision of cloud infrastructure for service operations
- Management of servers, data storage, backups, and system operations
|
https://aws.amazon.com/compliance/sub-processors/?nc1=h_ls |
- When entering into entrustment agreements, the Company specifies in contracts and
other written documents, in accordance with the Personal Information Protection Act,
matters concerning the prohibition of processing personal information beyond the scope
of the entrusted purpose, implementation of technical and administrative safeguards,
restrictions on re-entrustment, management and supervision of entrusted parties, and
liability, including compensation for damages. The Company supervises entrusted parties
to ensure that personal information is processed securely.
- In the event of any change in the details of the entrusted services or the entrusted
parties, the Company shall disclose such changes without delay through this Privacy
Policy.
- Matters concerning the overseas entrustment of personal information processing are set
forth in Article 5.
Article 5 (Notice on Overseas Transfer of Personal Information)
The Company transfers personal information overseas to ensure the smooth provision of services.
In accordance with Article 28-8(2) of the Personal Information Protection Act and other applicable
laws and regulations, details regarding overseas transfers are provided below.
Data subjects may refuse the overseas transfer of their personal information; however, refusal may
restrict the use of certain services, such as payment processing, delivery, personalized services,
and the provision of advertisements.
If a data subject does not wish for their personal information to be transferred overseas, they may
withdraw from membership through My Page > Account Settings > Membership Withdrawal.
Membership withdrawal is at the user's discretion.
1. Legal Basis for Overseas Transfer
Article 28-8(1)3 of the Personal Information Protection Act
(Where entrustment or storage of personal information is necessary for the performance of a contract)
The data subject's explicit consent
2. Status of Overseas Transfer of Personal Information
① Overseas Transfer Related to Payment Processing and Contract Performance
Recipient
(Data Processor) |
Transferred Personal Information |
Purpose of Transfer |
Country of Transfer |
Timing and Method of Transfer |
Retention / Use Period |
| PayPal |
Name, address, billing address, shipping address, email address, IP address,
payment information. |
Payment processing and application of Seller Protection
policies
International payment processing |
United States |
Transferred via network at the time of service use |
Until the purpose of transfer is fulfilled |
| Eximbay |
Republic of Korea |
| Klarna |
Sweden |
| VTPAY |
Republic of Korea |
| Apple Pay |
payment tokens |
Payment approval and settlement
Payment authentication
processing
Provision of Buy Now, Pay Later (BNPL) services |
United States |
Until the purpose of transfer is fulfilled |
| AMEX |
United States |
| Adyen |
Payment processing and acquiring services
Risk management
|
EU |
|
Until termination of the contract |
② Overseas Transfer Related to Delivery Services
Recipient
(Data Processor) |
Transferred Personal Information |
Purpose of Transfer |
Country of Transfer |
Timing and Method of Transfer |
Retention / Use Period |
| DHL |
Name, address, contact information, shipping information, email address, and
personal customs clearance number |
International express delivery
International shipping
International
customs clearance coordination
Global shipping solutions
Overseas shipping agency
services
Customs duty payment agency services |
United States |
Transferred via network upon shipment request |
Retained until delivery is completed |
| FedEx |
United States |
| UPS |
United States |
| Aramex |
UAE |
| Parxl |
Singapore |
③ Overseas Transfer Related to Service Operations, Analytics, and Marketing
Recipient
(Data Processor) |
Transferred Personal Information |
Purpose of Transfer |
Country of Transfer |
Timing and Method of Transfer |
Retention / Use Period |
| Amazon Web Services (AWS) |
Personal information collected and generated during service use |
Server operations and data storage |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Google Analytics |
Encrypted member identification information and usage records |
Analysis of service usage statistics |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Amplitude |
Encrypted member identification information and usage records |
User behavior analysis |
United States |
Transferred via network upon service use |
For 30 days after membership withdrawal |
| Braze |
Encrypted member identification information and |
CRM management and delivery of personalized messages |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Google |
Encrypted member identification information and usage records |
Provision of advertisements and behavioral analysis |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| META (Instagram, Facebook) |
Encrypted member identification information and usage records |
Provision of advertisements and behavioral analysis |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Criteo |
Encrypted member identification information and usage records |
Provision of personalized advertisements |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Salesforce |
Encrypted member identification information and usage records |
CRM management and delivery of personalized messages |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| Mailchimp |
Encrypted member identification information and usage records |
CRM management and delivery of personalized messages |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
| FingerPush |
Encrypted member identification information and usage records |
CRM management and delivery of personalized messages |
United States |
Transferred via network upon service use |
Retained until membership withdrawal or withdrawal of consent |
Article 6 (Retention, Processing Period, and Destruction of Personal Information)
1. The Company shall promptly destroy personal information once the purpose of collection and
use has been fulfilled, or within 30 days from the date of membership withdrawal.
However, if applicable laws require the retention and processing of personal information for a
certain period, or in the following cases, the Company shall securely retain such personal
information for the required period and use it only within the scope of the stated purpose:
- Where investigations or inquiries are in progress due to violations of applicable laws: Until
such investigations or inquiries are completed
- Where rights and obligations arising from the use of services remain outstanding: Until
such rights and obligations are settled.
2. Notwithstanding Paragraph 1, personal information that the Company is required to retain
under applicable laws shall be retained until the end of the applicable period as follows:
① Act on Consumer Protection in Electronic Commerce, etc.
- Records related to contracts or withdrawal of subscription: 5 years
- Records related to payment and supply of goods or services: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records on display and advertising: 6 months
② Protection of Communications Secrets Act
- Computer communications log records: 3 months (The most recent access date is
excluded for the purpose of verifying service usage periods.)
③ Framework Act on National Taxes
- Books and evidentiary documents regarding all transactions: 5 years
3. In order to minimize potential loss or damage caused by repeated membership withdrawal and
re-registration, and to enable account reactivation upon the user's request, personal information
that is not subject to statutory retention obligations shall be destroyed immediately upon
membership withdrawal.
The minimum information necessary for preventing re-registration abuse and protecting accounts
may be retained for a limited period and then destroyed.
4. The procedures and methods for the destruction of personal information are as follows:
① Destruction Procedure
The Company selects personal information for which a reason for destruction has arisen and
destroys such personal information upon approval by the Company's Chief Privacy Officer.
② Destruction Methods
- Personal information recorded and stored in electronic file formats: Securely
deleted using technical methods that render the data irrecoverable
- Personal information printed on paper: Destroyed by shredding or incineration
Article 7 (Additional Notice for California Residents)
(California Consumer Privacy Act, CPRA)
This Article applies to users who reside in the State of California and explains how StyleKorean
collects, uses, and shares personal information, as well as the rights of users, in accordance with
the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (CPRA).
This notice is based on the Company's personal information processing activities during the
current period and the preceding twelve (12) months.
1. Categories of Personal Information Collected
StyleKorean may collect and process the following categories of personal information:
- Identifiers
:Name, email address, IP address, account identifiers, and similar information
- Commercial Information
:Purchase, order, payment, and refund history; shopping cart records
- Characteristics of Protected Classifications
:Age, gender, and other characteristics protected under U.S. or California law
- Internet or Other Electronic Network Activity Information
:Website visit history, search activity, click activity, and usage logs
- Geolocation Data
:City- or country-level location information
- Audio, Electronic, or Visual Information
:Call recordings related to customer service inquiries
- Inferences
:Profile information reflecting purchasing tendencies, interests, and preferred categories
※ For detailed information regarding specific data elements collected and their sources, please
refer to the sections titled "Personal Information Collected" and "Purposes of Use" in this Privacy
Policy. In principle, each category of personal information is destroyed without delay upon the
achievement of the purpose of collection or upon membership withdrawal. However, where
retention is required by applicable laws, the information is retained for the period prescribed by
such laws. Specific retention periods for each item can be found in Article 6.
2. Categories of Recipients of Personal Information (Past 12 Months)
StyleKorean has disclosed personal information to the following categories of recipients for
business purposes:
| Categories of Personal Information |
Categories of Recipients |
| Identifiers |
Advertising and marketing partners; data analytics providers; payment processors; logistics
and
delivery partners; customer support partners; cloud service providers; security and system
maintenance providers |
| Commercial Information |
Payment processors; logistics and delivery partners; customer support partners; fraud
prevention partners |
| Characteristics of Protected Classifications |
Advertising and marketing partners; customer feedback platforms |
| Internet or Other Electronic Network Activity Information |
Advertising and marketing partners; data analytics providers; cloud service providers |
| Geolocation Data |
Advertising and marketing partners; data analytics providers |
3. Rights of California Residents
California residents have the following rights:
① Right to Know/Access
California residents may request information regarding the personal information that
StyleKorean has collected, used, or shared.
② Right to Correct
California residents may request the correction of inaccurate personal information.
③ Right to Delete
Unless an exception applies under applicable laws, California residents may request the
deletion of personal information collected and retained by StyleKorean.
④ Right to Opt-Out of Sale or Sharing
- StyleKorean does not sell personal information in exchange for monetary or other
valuable consideration.
- However, StyleKorean may share personal information with advertising partners for the
purpose of providing personalized advertising, which may constitute cross-context
behavioral advertising under applicable laws.
- Users have the right to opt out of such sharing at any time.
⑤ Right to Limit Use and Disclosure of Sensitive Personal Information
- StyleKorean may collect sensitive personal information, including IDs, passwords, and
payment information provided by users, for the provision of services. Users have the right
to request that StyleKorean limit the use and disclosure of their sensitive personal
information if it is used or disclosed beyond what is necessary to provide the services
(e.g., product delivery, payment processing).
⑥ Right to Non-Discrimination
California residents shall not be discriminated against for exercising any of the rights
described above.
Article 8 (Additional Notice for Residents of the European Economic Area (EEA))
(General Data Protection Regulation, GDPR)
This Article applies to residents of the European Economic Area (EEA). StyleKorean processes
personal information based on the following legal grounds in accordance with the GDPR.
1. Legal Bases for Processing Personal Information
- Consent of the data subject
- Performance of a contract with the user
- Compliance with legal obligations
- Protection of the vital interests of the data subject or another natural person
- Legitimate interests of StyleKorean
(provided that such interests do not override the fundamental rights and freedoms of the
data subject)
2. Rights of EEA Residents
EEA residents have the following rights:
① Right of Access
The right to obtain confirmation as to whether personal information concerning them is
being processed and whether such processing is lawful.
② Right to Data Portability
The right to receive a copy of personal information in an electronic format and to request
its transfer to another service provider.
③ Right to Rectification
The right to request correction of inaccurate personal information.
④ Right to Erasure (Right to be Forgotten)
The right to request the erasure of personal information when conditions for erasure
under the GDPR are met.
⑤ Right to Withdraw Consent
The data subject has the right to withdraw consent at any time regarding processing
based on consent.
⑥ Right to Restriction of Processing
The right to request restriction of processing in the following cases:
- Where the accuracy of personal information is contested
- Where processing is unlawful and the data subject requests restriction instead of deletion
- Where personal information is required for legal claims
- Where a balancing of legitimate interests and the data subject's rights is required
⑦ Right to Object
The right to object to processing for legitimate interests or direct marketing purposes.
⑧ Right not to be Subject to Automated Decision-making
The right not to be subject to a decision based solely on automated processing, including
profiling, which produces legal effects concerning the data subject or similarly significantly
affects the data subject.
⑨ Right to Lodge a Complaint
The right to lodge a complaint regarding the processing of personal information with the
supervisory authority of the Member State of the data subject's habitual residence, place of
work, or place of the alleged infringement.
3. Designation of EU Representative
The Company has designated a representative to handle inquiries regarding personal information
protection for EEA residents as follows:
- Representative Name: Sungwoon Kim
- Address: Powstańców Śląskich 7a, 53-332 Wrocław
- Email: jasonkim@siliconii.net
4. Cookies
For EEA residents, analytical cookies and marketing/advertising cookies (excluding cookies
essential for service provision) or similar technologies are used only with the user's prior consent.
Users may change or withdraw their consent to the use of cookies at any time through the
methods described in Article 9. Such withdrawal applies only to processing after the withdrawal
and does not affect processing that has already occurred.
5. Basis for Overseas Transfer for EEA Residents
When personal information of EEA residents is transferred to a third country outside the Republic
of Korea or the European Union, the Company transfers personal information based on one of the
following lawful bases in accordance with GDPR Chapter V:
- Transfer to a country with an Adequacy Decision or to an organization within the US
participating in the EU-US Data Privacy Framework (DPF);
- Execution of Standard Contractual Clauses (SCCs) approved by the European Commission
(applying additional technical and administrative safeguards such as encryption, access
control, and internal management procedures if necessary); or
- Where the user's explicit consent has been obtained, or where the transfer is necessary for
the performance of a contract with the user (e.g., shipping of goods, payment processing).
Article 9 (Operation of Automatic Data Collection Devices and Opt-Out)
1. Operation of Automatic Data Collection Devices (Cookies)
StyleKorean uses cookies to provide more personalized services to users.
Cookies are small text files stored on a user's device (PC, smartphone, tablet, etc.) during website
use, allowing the website to recognize the user upon return visits.
Information collected through cookies does not include personally identifiable information.
Cookies may be deleted when the browser is closed or the user logs out.
Collected cookie information is used for the following purposes:
- Analysis of service usage frequency, visit times, user interests and preferences, and event
participation
- Provision of personalized services and product recommendations tailored to user
preferences
- Analysis of user behavior patterns for service improvement and enhancement of the user
environment
Users may choose to allow all cookies, receive notifications when cookies are set, or block all
cookies.
■ How to Block Cookies by Browser
① Internet Explorer (IE 11)
- Open Internet Explorer and select "Tools" (gear icon)
- Click "Internet Options"
- Select the "Privacy" tab → Advanced
- Set cookie blocking or allowance
② Microsoft Edge
- Open Edge and click "..." in the upper right corner → Settings
- Select "Privacy, search, and services"
- Choose a tracking prevention level
- Scroll down and set "Send 'Do Not Track' requests"
③ Chrome
- Click ":" in the upper right corner → Settings
- Select "Privacy and security" → Site settings
- Select "Cookies and site data"
- Enable "Block third-party cookies"
■ Mobile Cookie and Tracking Opt-Out
- iOS: Settings > Privacy & Security > Tracking → Turn off "Allow Apps to Request to Track"
- Android: Settings > Google > Ads → Reset advertising ID / Opt out of personalized ads
※ Menu paths and names may vary depending on device and OS version.
2. Use of Web Analytics Tools
StyleKorean uses web analytics tools such as Google Analytics to analyze website usage records
for service improvement and optimization of the user experience.
No personally identifiable information is processed during this process, and Google's handling of
information is governed by Google's Privacy Policy.
Users who do not wish to use Google Analytics may opt out by installing the browser add-on
provided at the links below:
- Chrome: Google Analytics Opt-out Browser Add-on
- Internet Explorer and other browsers: Same add-on available
Google Analytics opt-out and privacy information:
Article 10 (Collection, Use, Provision, and Opt-Out of Behavioral Information)
1. The Company collects and uses behavioral information generated during service use to analyze
users' interests and tendencies, and to provide personalized services, benefit notifications, and
online customized advertisements.
2. The Company collects behavioral information as follows:
- Legal basis: Article 15(1)(4) of the Personal Information Protection Act
(Processing necessary for the performance of a contract)
| Categories of Behavioral Information Collected |
Method of Collection |
Purpose of Collection |
Retention and Use Period / Subsequent Processing |
| Login and sign-up access records, product view history, items added to cart, order and
purchase completion records |
Automatically collected and transmitted during website/app use |
Analysis of customer activity and provision of personalized recommendations |
Retained until membership withdrawal and then destroyed |
3. The Company may allow the following online customized advertising providers to collect and
process behavioral information:
- Advertising providers that collect and process behavioral information
Google Ads, META(Instagram, Facebook), Twitter, Snapchat, TikTok, Amazon Ads, Criteo
- Method of collection
Automatically collected and transmitted during website and app usage
- Categories of behavioral information collected and processed
Web/app visit history, search history, purchase history
- Retention and use period
Until membership withdrawal or termination of the relevant contract
If users do not wish to have their behavioral information collected or to receive customized
advertisements, they may opt out through the links below:
4. Contact for Access, Deletion, and Opt-Out Requests Regarding Behavioral Information. Data
subjects may contact the channels below to request access to or deletion of behavioral
information, exercise opt-out rights, or apply for remedies related to damages:
- Chief Privacy Officer: Jaewon Kim (jaewon@siliconii.net)
- Contact: StyleKorean Customer Service Center
Article 11 (Provision of Personal Information to Third Parties)
The Company provides personal information to third parties only with the user's consent or where
permitted by the Personal Information Protection Act or other applicable laws.
Article 12 (Measures to Ensure the Security of Personal Information)
The Company implements the following technical, administrative, and physical safeguards to
prevent loss, theft, leakage, forgery, alteration, or damage of personal information.
1. Technical Safeguards
- Personal information is protected by passwords, and sensitive information is encrypted
when stored.
- Security programs are installed and regularly updated to protect personal information
from external threats such as computer viruses, malware, and hacking.
- Encrypted communication technologies (e.g., SSL) are applied to ensure secure
transmission of personal information.
- Security monitoring, vulnerability assessments, intrusion prevention, and detection systems
are regularly operated to identify and respond to suspicious activities.
2. Administrative Safeguards
- Access to personal information is restricted to the minimum number of personnel
necessary for business operations, and regular security training is provided to employees
handling personal information.
- Access rights are granted, modified, and revoked in accordance with internal management
procedures, and misuse or abuse of access rights is periodically reviewed.
- Compliance with personal information protection laws is continuously monitored through
internal audits and inspections.
- When personal information processing is outsourced, the Company thoroughly supervises
and manages service providers.
3. Physical Safeguards
- Access control procedures are implemented for areas where personal information is
stored, such as data centers and document storage rooms, ensuring that only authorized
personnel may enter.
Article 13 (Chief Privacy Officer)
1. The Company appoints a Chief Privacy Officer to oversee personal information processing and
to handle complaints, inquiries, and remedies related to personal information protection, as
follows:
- Chief Privacy Officer
- Personal Information Protection Department
2. Users may contact the Chief Privacy Officer or the relevant department regarding any inquiries,
exercise of rights, complaints, or remedies related to personal information protection arising from
the use of the Company's services.
Article 14 (Reporting and Consultation on Personal Information Infringement)
If consultation or reporting related to personal information infringement is required, assistance
may be obtained from the following institutions:
※ These institutions are independent from the Company and provide general consultation related
to personal information infringement.
Article 15 (Amendment of the Privacy Policy)
1. The Company may amend this Privacy Policy in accordance with changes in applicable laws or
services. Any revisions or updates will be announced on the Company's website. In the case of
material changes, prior notice will be provided at least seven (7) days in advance.
2. This Privacy Policy shall take effect as of January 1, 2026.
3. Previous versions of the Privacy Policy may be reviewed below:
Delete Account
To close your account, go to ‘My Account’ > ‘Account Settings’
- After deleting your account, the closed account’s ID cannot be used to create another account.
- Lose access to any store credit, coupon, and membership of the closed account, and cannot be refunded
or transferred.
- Personal data will be deleted.
K-Beauty
CART
